<!DOCTYPE html>
<html>
<head>
 
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
 
</head>



<body>


系统载入中，请稍等...



<?php
//验证登陆信息
session_start();


include_once("../config.php");

include_once '../connection.php';


//if($_POST['submit']){
$username=$_POST['username'];
$userpass=$_POST['userpass'];


	 $userpass=md5($userpass);
	
	
	
	//先判断接收的用户名，是否含有特殊字符。有的话，直接返回登陆框。
	if(!preg_match("/^[0-9a-zA-Z]{3,12}$/",$username)){
             echo "<script language='javascript'>alert('用户名不存在！');location='/user';</script>";}
			  
			  else{
				  
				  
				  
				  
	//设置需要搜索的表格的前缀后缀
    $table_Suffix="employee";
    $table=$table_Prefix.$table_Suffix;
	$query = mysql_query("SELECT COUNT(nid) FROM $table");
    $sum = mysql_result($query, 0);
 

 
//设置需要搜索的表格的前缀后缀
$table_Suffix="employee";
$table=$table_Prefix.$table_Suffix;
 
$result = mysql_query("select * from $table"); 
	
while($row = mysql_fetch_array($result))
  {

	  $admin_nid[]          = $row['nid'];
	  $admin_name[]         = $row['name'];
	  $admin_password[]     = $row['mima'];
	  $admin_department[]   = $row['department'];
	  $admin_departmentid[] = $row['departmentid'];
	  $admin_mid[]          = $row['mid'];
	  $admin_authority[]    = $row['authority'];
	  $admin_mima[]         = $row['mima'];
	  $admin_position[]     = $row['position'];



  }
  
 
 
	
 
 //定义一个值，用来记录输入的用户名是否正确
 $get_right_username=false;
 
 
 
//循环一下读取的账户名字，是否和传递过来的一致。
//如果输入的用户名根本没有，则什么都不做，留给下一步。
for($i=0;$i<$sum;$i++)
{
 //如果一致，则开始循环密码
	if ($admin_mid[$i]==$username){
		
		 $get_right_username=true;//传递过来的用户名，是正确的。
		 
		 //对照数据库密码和传递过来的密码是否一致
		if ($admin_password[$i]==$userpass)
		{
			$_SESSION['username']     = $admin_name[$i];
			$_SESSION['department']   = $admin_department[$i];
			$_SESSION['departmentid'] = $admin_departmentid[$i];
			$_SESSION['mid']          = $admin_mid[$i];
			$_SESSION['nid']          = $admin_nid[$i];

			echo "<script language='javascript'> location='../controlbase/';</script>";
		}
		else {
			echo "<script language='javascript'>alert('密码错误！');location='/';</script>";
		}
	}
	
//如果没有一致的，就什么都不做。
else{}
	
	
}
	
	
	

 if(!$get_right_username)
{ 
	 echo "<script language='javascript'>alert('用户名不存在！');location='/user';</script>";
}
	
else{}

}
 

//}
?>

 }

</body>